Incident response: what to do when you leak data
You'll be able to
- Classify data-leak incidents by regulatory notification trigger thresholds and organizational escalation criteria, applying NIST AI RMF MANAGE 4.3 requirements for communicating incidents to relevant AI actors and affected communities [^3].
- Execute vendor-specific deletion and containment procedures for sensitive data inadvertently submitted to generative AI platforms, documenting each step in accordance with incident response and recovery processes [^3][^7].
- Evaluate the likelihood and magnitude of harm from a given data exposure scenario, referencing NIST MAP 5.1 impact characterization methods, public incident reports, and feedback from external stakeholders [^1].
- Apply post-deployment monitoring and incident-response protocols to track, respond to, and recover from AI-related data leaks, ensuring all actions are documented and communicated to management, legal counsel, and regulatory bodies as required [^3][^7].
- Create an escalation decision tree that integrates organizational risk tolerance, legal requirements, and NIST AI RMF MANAGE function guidance to determine when manager notification, legal review, or external breach disclosure is mandatory [^3][^7].